@sap/cds 8.0.4 → 8.1.1

package/lib/srv/protocols/hcql.js

@@ -1,6 +1,6 @@
 const express = require('express')
 const cds = require('../../index')
-const LOG = cds.log('hcql')
+const DEBUG = cds.debug('hcql')
 const { inspect } = require('util')
 
 class HCQLAdapter extends require('./http') {
@@ -14,8 +14,8 @@ class HCQLAdapter extends require('./http') {
      */
     .get('/\\$csn', (_, res) => res.json(this.schema))
 
-    .use(express.json()) //> for application/json -> cqn
-    .use(express.text()) //> for text/plain -> cql -> cqn
+    .use(express.json(this.body_parser_options)) //> for application/json -> cqn
+    .use(express.text(this.body_parser_options)) //> for text/plain -> cql -> cqn
 
     /**
      * Convenience route for REST-style request formats like that:
@@ -36,7 +36,7 @@ class HCQLAdapter extends require('./http') {
      */
     .use((req, res, next) => {
       let q = this.query4(req)
-      LOG._info && LOG.info(req.method, decodeURIComponent(req.originalUrl), inspect(q, { colors: true, depth: 11 }))
+      DEBUG?.(inspect(q,{depth:11,colors:true}))
       return srv.run(q).then(r => res.json(r)).catch(next)
     })
   }
@@ -46,7 +46,7 @@ class HCQLAdapter extends require('./http') {
   }
 
   query4 (req) {
-    if (typeof req.body === 'string') return cds.parse.cql(req.body)
+    if (typeof req.body === 'string') return req.body = cds.parse.cql(req.body)
     return req.body //> a plain CQN object
   }
 }

package/lib/srv/protocols/http.js

@@ -17,38 +17,50 @@ class HttpAdapter {
 
   /** The actual Router factory. Subclasses override this to add specific handlers. */
   get router() {
-    let router = super.router = (new express.Router) .use (this.http_log.bind(this))
-    let assert_roles = this.requires_check()
-    if (assert_roles) router.use (assert_roles)
+    let router = super.router = (new express.Router)
+    this.use (this.http_log)
+    this.use (this.requires_check)
     return router
   }
 
-  /** Handler to log all incoming requests */
-  http_log (r,_,next) {
-    this.logger = cds.log(this.kind)
-    this.log(r)
-    next()
+  use (middleware) {
+    if (middleware) this.router.use (middleware)
+    return this
   }
 
   /** Subclasses may override this method to log incoming requests. */
-  log (req, LOG = this.logger) { LOG._info && LOG.info (
+  log (req, LOG = this.logger) { LOG.info (
     req.method,
     decodeURI (req.baseUrl + req.path),
     Object.keys (req.query).length ? { ...req.query } : ''
   )}
 
+  /** Returns a handler to log all incoming requests */
+  get http_log() {
+    const LOG = this.logger = cds.log(this.kind); if (!LOG._info) return undefined
+    const log = this.log.bind(this)
+    return function http_log (req,_,next) { log(req,LOG); next() }
+  }
+
   /** Returns a handler to check required roles, or null if no check required. */
-  requires_check() {
+  get requires_check() {
     const d = this.service.definition
     const roles = d['@requires'] || d['@restrict']?.map(r => r.to).flat().filter(r => r)
     const required = !roles?.length ? restricted_by_default : Array.isArray(roles) ? roles : [roles]
-    if (required) return function requires_check (req, res, next) {
+    return required && function requires_check (req, res, next) {
       const user = cds.context.user
       if (required.some(role => user.has(role))) return next()
       else if (user._is_anonymous) return next(401) // request login
       else throw Object.assign(new Error, { code: 403, reason: `User '${user.id}' is lacking required roles: [${required}]`, user, required })
     }
   }
+
+  get body_parser_options() {
+    let options = cds.env.server.body_parser
+    let limit = this.service.definition['@cds.server.body_parser.limit']
+    if (limit) options = { ...options, limit }
+    return super.body_parser_options = options
+  }
 }
 
 

package/lib/srv/srv-tx.js

@@ -96,6 +96,7 @@ class Transaction {
      * synchronous modification of passed error only
      * err is undefined if nested tx (cf. "root.before ('failed', ()=> this.rollback())")
      */
+    // FIXME: with noa, this.context === cds.context and not the individual cds.Request
     if (err) for (const each of this._handlers._error) each.handler.call(this, err, this.context)
 
     if (this.ready) { //> nothing to do if no transaction started at all

package/lib/test/expect.js

@@ -112,7 +112,7 @@ class Core {
       if (is.string(a)) return a.includes(x)
       if (is.array(a)) return a.includes(x) || this._deep && a.some(o => compare(o, x, true))
       if (is.set(a)) return a.has(x)
-      if (this._deep && is.object(a)) return compare(a, x, true)
+      if (is.object(a)) return compare(a, x, this._deep)
     }, _fail)
   }
 

package/lib/utils/cds-test.js

@@ -160,7 +160,7 @@ class Test extends require('./axios') {
     `)}}
   }
   set expect(x) { super.expect = x }
-  get expect() { return this.chai.expect }
+  get expect() { return _expect || this.chai.expect }
   get assert() { return this.chai.assert }
   get should() { return this.chai.should() }
 }
@@ -174,6 +174,7 @@ Object.setPrototypeOf (exports, Test.prototype)
 
 
 // Provide same global functions for jest and mocha
+let _expect = undefined
 ;(function _support_jest_and_mocha() {
   const _global = p => Object.getOwnPropertyDescriptor(global,p)?.value
   const is_jest = _global('beforeAll')
@@ -185,7 +186,7 @@ Object.setPrototypeOf (exports, Test.prototype)
     global.afterAll   = global.after     = (msg,fn) => repl.on?.('exit',fn||msg)
     global.beforeEach = global.afterEach = ()=>{}
     global.describe   = ()=>{}
-    exports.expect = global.expect = require('../test/expect')
+    global.expect = _expect = require('../test/expect')
 
   } else if (is_mocha) { // it's mocha
 
@@ -219,8 +220,7 @@ Object.setPrototypeOf (exports, Test.prototype)
     global.afterAll = global.after = (msg,fn) => after(fn||msg)
     global.beforeEach = beforeEach
     global.afterEach = afterEach
-    global.expect = require('../test/expect')
-    exports.expect = global.expect
+    global.expect = _expect = require('../test/expect')
     suite ('<next>', ()=>{}) //> to signal the start of a test file
 
   }

package/libx/_runtime/common/error/utils.js

@@ -12,7 +12,8 @@ const i18n = (...args) => {
  * @returns localized error message
  */
 function getErrorMessage(error, locale) {
-  const txt = i18n(error.message || error.code || error.status || error.statusCode, locale, error.args)
+  const key = error.message || error.code || error.status || error.statusCode || '500'
+  const txt = i18n(key, locale, error.args)
   return txt || error.message || String(error.code || error.status || error.statusCode)
 }
 

package/libx/_runtime/common/generic/input.js

@@ -349,15 +349,12 @@ const _getOperation = (req, service) => {
 
 function _actionFunctionHandler(req) {
   const operation = _getOperation(req, this)
-  if (!operation || !operation.params) return
+  if (!operation) return
 
   const data = req.data || {}
 
-  // REVISIT: skip for mtxs as their models contain invalidities (e.g., properties modeled as strings but provided as objects)
-  const is_mtxs = operation.name.match(/^cds\.xt\./)
-
   // validate data
-  if (cds.env.features.cds_validate && !is_mtxs) {
+  if (cds.env.features.cds_validate) {
     const assertOptions = { mandatories: true }
     let errs = cds.validate(data, operation, assertOptions)
     if (errs) {

package/libx/_runtime/common/generic/stream.js

@@ -1,4 +1,14 @@
 const cds = require('../../cds')
+// REVISIT: Remove after removing okra
+const { isStreaming } = require('../../cds-services/adapter/odata-v4/utils/stream')
+
+const _isStream = query => {
+  const { _propertyAccess, target } = query
+  if (!_propertyAccess) return
+
+  const element = target.elements[_propertyAccess]
+  return element._type === 'cds.LargeBinary' && element['@Core.MediaType']
+}
 
 const _getStreamingProperties = elements => {
   const result = []
@@ -14,9 +24,7 @@ const _getStreamingProperties = elements => {
 
 const _getMediaTypeValue = () => {
   const ctx = cds.context
-  return (
-    !ctx?.http?.req?.headers?.['content-type']?.match(/json|multipart/i) && ctx?.http?.req?.headers?.['content-type']
-  )
+  return !ctx?.http?.req?.headers?.['content-type']?.match(/multipart/i) && ctx?.http?.req?.headers?.['content-type']
 }
 
 function _addContentType(req, mtValue) {
@@ -27,12 +35,19 @@ function _addContentType(req, mtValue) {
 
 async function addContentType(req) {
   if (!req.query || !req.target) return
+  if (req._.odataReq) {
+    if (!isStreaming(req._.odataReq.getUriInfo().getPathSegments())) return
+  } else if (req.req?._query) {
+    if (!_isStream(req.req._query)) return
+  }
+
   const mtValue = _getMediaTypeValue()
   if (!mtValue) return
 
   _addContentType(req, mtValue)
 }
 
+// register after input.js in order to write content-type also for @Core.Computed fields
 module.exports = cds.service.impl(function () {
   this.before(['PATCH', 'UPDATE'], '*', addContentType)
 })

package/libx/_runtime/common/utils/cqn2cqn4sql.js

@@ -758,13 +758,25 @@ const _convertSelect = (query, model, _options) => {
     //          old db expects it as cqn xpr
     if (query.SELECT.search.length === 1) {
       query.SELECT.search = query.SELECT.search[0].val
-        .replace(/"/g, '')
-        .split(' ')
+        .match(/("")|("(?:[^"]|\\")*(?:[^\\]|\\\\)")|(\S*)/g)
+        .filter(el => el.length)
+        .map(el => {
+          if (el[0] === '"' && el.at(-1) === '"') {
+            try {
+              return JSON.parse(el)
+            } catch {
+              return el
+            }
+          }
+          return el
+        })
         .reduce((arr, val, i) => {
           if (i > 0) arr.push('and')
           arr.push({ val })
           return arr
         }, [])
+
+      if (!query.SELECT.search.length) query.SELECT.search = [{ val: '' }]
     }
 
     search2cqn4sql(query, model, { ...query._searchOptions, ...{ entityName, alias } })

package/libx/_runtime/db/expand/expandCQNToJoin.js

@@ -779,6 +779,20 @@ class JoinCQNFromExpanded {
     })
 
     const targetEntity = this._getEntityForTable(target)
+
+    // ignore structured keys for now
+    let targetKeys = entity_keys(targetEntity).filter(key => !targetEntity.keys[key]._isStructured)
+    // ignore groupBy for now
+    if (targetKeys.length > 0 && !readToOneCQN.groupBy) {
+      const notOnlyExpandInColumns = !givenColumns.some(col => col.expand)
+      if (notOnlyExpandInColumns) {
+        const missingKeys = targetKeys.filter(keyName => !givenColumns.some(col => keyName === col.ref?.[0]))
+        if (missingKeys.length) {
+          givenColumns.push(...missingKeys.map(keyName => ({ ref: [keyName] })))
+        }
+      }
+    }
+
     if (
       'IsActiveEntity' in targetEntity.elements &&
       this._isNotIncludedIn(givenColumns)('IsActiveEntity') &&
@@ -1365,11 +1379,28 @@ class JoinCQNFromExpanded {
     const columns = []
     const outerColumns = []
 
+    const _sameRef = (col1, col2) => {
+      if (!col1.ref || !col2.ref) return false // only handle refs
+      if (col1.ref.length !== col2.ref.length) return false
+      if (col1.as !== col2.as) return false
+      for (let i = 0; i < col1.ref.length; i++) {
+        if (col1.ref[i] !== col2.ref[i]) return false
+      }
+      return true
+    }
+
     for (const entry of on) {
       if (entry.xpr) {
         const { columns: cols, outerColumns: outerCols } = this._getFilterColumns(readToOneCQN, entry.xpr, parentAlias)
-        columns.push(...cols)
-        outerColumns.push(...outerCols)
+
+        // de-duplicate
+        for (const col of cols) {
+          if (!columns.some(c => _sameRef(c, col))) columns.push(col)
+        }
+        for (const col of outerCols) {
+          if (!outerColumns.some(c => _sameRef(c, col))) outerColumns.push(col)
+        }
+
         continue
       }
 

package/libx/_runtime/fiori/lean-draft.js

@@ -207,7 +207,7 @@ const _redirectRefToActives = (ref, model) => {
 }
 
 const lastCheckMap = new Map()
-const _cleanUpOldDrafts = async (service, tenant) => {
+const _cleanUpOldDrafts = (service, tenant) => {
   if (!DEL_TIMEOUT.value) return
 
   const expiryDate = new Date(Date.now() - DEL_TIMEOUT.value).toISOString()
@@ -1081,14 +1081,23 @@ function _cleansed(query, model) {
       }
       cds.infer(draftsQuery, model.definitions)
       // draftsQuery._target = draftsQuery._target?.drafts || draftsQuery._target
-      if (query.SELECT.columns && query._target.drafts)
-        draftsQuery.SELECT.columns = _cleanseCols(query.SELECT.columns, REDUCED_DRAFT_ELEMENTS, draft)
+      if (query.SELECT.columns && query._target.drafts) {
+        if (draftsQuery._target.isDraft)
+          draftsQuery.SELECT.columns = _cleanseCols(query.SELECT.columns, REDUCED_DRAFT_ELEMENTS, draft)
+        else draftsQuery.SELECT.columns = _cleanseCols(query.SELECT.columns, DRAFT_ELEMENTS, draft)
+      }
 
-      if (query.SELECT.where && query._target.drafts)
-        draftsQuery.SELECT.where = _cleanseWhere(query.SELECT.where, {}, DRAFT_ELEMENTS_WITHOUT_HASACTIVE)
+      if (query.SELECT.where && query._target.drafts) {
+        if (draftsQuery._target.isDraft)
+          draftsQuery.SELECT.where = _cleanseWhere(query.SELECT.where, {}, DRAFT_ELEMENTS_WITHOUT_HASACTIVE)
+        else draftsQuery.SELECT.where = _cleanseWhere(query.SELECT.where, {}, DRAFT_ELEMENTS)
+      }
 
-      if (query.SELECT.orderBy && query._target.drafts)
-        draftsQuery.SELECT.orderBy = _cleanseWhere(query.SELECT.orderBy, {}, REDUCED_DRAFT_ELEMENTS)
+      if (query.SELECT.orderBy && query._target.drafts) {
+        if (draftsQuery._target.isDraft)
+          draftsQuery.SELECT.orderBy = _cleanseWhere(query.SELECT.orderBy, {}, REDUCED_DRAFT_ELEMENTS)
+        else draftsQuery.SELECT.orderBy = _cleanseWhere(query.SELECT.orderBy, {}, DRAFT_ELEMENTS)
+      }
 
       if (draftsQuery._target.name.endsWith('.DraftAdministrativeData')) {
         draftsQuery.SELECT.columns = _tweakAdminCols(draftsQuery.SELECT.columns)

package/libx/_runtime/hana/customBuilder/CustomReferenceBuilder.js

@@ -15,7 +15,7 @@ class CustomReferenceBuilder extends ReferenceBuilder {
       const args = Object.keys(ref[0].args)
         .map(argKey => {
           this._outputObj.values.push(ref[0].args[argKey].val)
-          return `${argKey} => ${this._options.placeholder}`
+          return `${this._quoteElement(argKey)} => ${this._options.placeholder}`
         })
         .join(', ')
 

package/libx/_runtime/messaging/enterprise-messaging-utils/registerEndpoints.js

@@ -22,7 +22,7 @@ class EndpointRegistry {
       // unsuccessful auth doesn't automatically reject!
       cds.app.use(basePath, (req, res, next) => {
         // REVISIT: we should probably pass an error into next so that a (custom) error middleware can handle it
-        if (!cds.context.user._is_anonymous) res.status(401).json({ error: ODATA_UNAUTHORIZED })
+        if (cds.context.user._is_anonymous) return res.status(401).json({ error: ODATA_UNAUTHORIZED })
         next()
       })
     } else if (process.env.NODE_ENV === 'production') {
@@ -32,7 +32,7 @@ class EndpointRegistry {
       cds.app.use(basePath, cds.middlewares.context())
     }
     cds.app.use(basePath, express.json({ type: 'application/*+json' }))
-    cds.app.use(basePath, express.json()) // REVISIT: Do we need both?
+    cds.app.use(basePath, express.json())
     cds.app.use(basePath, express.urlencoded({ extended: true }))
     LOG._debug && LOG.debug('Register inbound endpoint', { basePath, method: 'OPTIONS' })
 

package/libx/_runtime/messaging/event-broker.js

@@ -48,31 +48,34 @@ function _validateCertificate(req, res, next) {
     return res.status(401).json({ message: 'Authentication Failed' })
   }
 
-  const bindingCert = new crypto.X509Certificate(this.options.credentials.certificate).toLegacyObject()
-  const clientCert = new crypto.X509Certificate(
+  const clientCertObj = new crypto.X509Certificate(
     `-----BEGIN CERTIFICATE-----\n${req.headers['x-forwarded-client-cert']}\n-----END CERTIFICATE-----`
-  ).toLegacyObject()
+  )
+  const clientCert = clientCertObj.toLegacyObject()
+
+  if (!this.isMultitenancy && !clientCertObj.checkPrivateKey(this.privateKey))
+    return res.status(401).josn({ message: 'Authentication Failed' })
 
   const cfSubject = Buffer.from(req.headers['x-ssl-client-subject-cn'], 'base64').toString()
-  if (bindingCert.subject.CN !== clientCert.subject.CN || bindingCert.subject.CN !== cfSubject) {
+  if (this.validationCert.subject.CN !== clientCert.subject.CN || this.validationCert.subject.CN !== cfSubject) {
     this.LOG.info('certificate subject does not match')
     return res.status(401).json({ message: 'Authentication Failed' })
   }
   this.LOG.debug('incoming Subject CN is valid.')
 
-  if (bindingCert.issuer.CN !== clientCert.issuer.CN) {
+  if (this.validationCert.issuer.CN !== clientCert.issuer.CN) {
     this.LOG.info('Certificate issuer subject does not match')
     return res.status(401).json({ message: 'Authentication Failed' })
   }
   this.LOG.debug('incoming issuer subject CN is valid.')
 
-  if (bindingCert.issuer.O !== clientCert.issuer.O) {
+  if (this.validationCert.issuer.O !== clientCert.issuer.O) {
     this.LOG.info('Certificate issuer org does not match')
     return res.status(401).json({ message: 'Authentication Failed' })
   }
   this.LOG.debug('incoming Issuer Org is valid.')
 
-  if (bindingCert.issuer.OU !== clientCert.issuer.OU) {
+  if (this.validationCert.issuer.OU !== clientCert.issuer.OU) {
     this.LOG.info('certificate issuer OU does not match')
     return res.status(401).json({ message: 'Authentication Failed' })
   }
@@ -103,6 +106,11 @@ class EventBroker extends cds.MessagingService {
       this.startListening()
     })
     this.agent = this.getAgent()
+    this.isMultitenancy = cds.requires.multitenancy || cds.env.profiles.includes('mtx-sidecar')
+    this.validationCert = new crypto.X509Certificate(
+      this.isMultitenancy ? this.options.credentials.certificate : this.agent.options.cert
+    ).toLegacyObject()
+    this.privateKey = !this.isMultitenancy && crypto.createPrivateKey(this.agent.options.key)
   }
 
   getAgent() {
@@ -189,7 +197,13 @@ class EventBroker extends cds.MessagingService {
   }
 
   prepareHeaders(headers, event) {
-    if (!('source' in headers)) headers.source = `${this.options.credentials.ceSource[0]}/${cds.context.tenant}`
+    if (!('source' in headers)) {
+      if (!this.options.credentials.ceSource)
+        throw new Error(
+          'Cannot publish event because of missing source information, currently not part of binding information.'
+        )
+      headers.source = `${this.options.credentials.ceSource[0]}/${cds.context.tenant}`
+    }
     super.prepareHeaders(headers, event)
   }
 
@@ -214,7 +228,7 @@ class EventBroker extends cds.MessagingService {
       const msg = normalizeIncomingMessage(req.body)
       msg.event = event
       Object.assign(msg.headers, headers)
-      if (tenant) msg.tenant = tenant
+      if (this.isMultitenancy) msg.tenant = tenant
 
       // for cds.context.http
       msg._ = {}

package/libx/_runtime/remote/Service.js

@@ -261,7 +261,9 @@ class RemoteService extends cds.Service {
       const returnType = req._returnType
       const additionalOptions = { destination, kind, resolvedTarget, returnType, destinationOptions }
 
-      const jwt = req?.context?.headers?.authorization?.split(/^bearer /i)[1]
+      // REVISIT: i don't believe req.context.headers is an official API
+      let jwt = req?.context?.headers?.authorization?.split(/^bearer /i)[1]
+      if (!jwt) jwt = req?.context?.http?.req?.headers?.authorization?.split(/^bearer /i)[1]
       if (jwt) additionalOptions.jwt = jwt
 
       // hidden compat flag in order to suppress logging response body of failed request

package/libx/common/assert/utils.js

@@ -1,30 +1,3 @@
-function getNested(k, obj) {
-  let cur = obj
-  let p = ''
-  const parts = k.split('_')
-  while (parts.length) {
-    const q = parts.shift()
-    if (q in cur) {
-      cur = cur[q]
-      p = ''
-    } else {
-      p = p ? p + '_' + q : q
-      if (p in cur) {
-        cur = cur[p]
-        p = ''
-      } else {
-        if (Object.keys(cur).some(k => k.startsWith(p + '_'))) {
-          // continue for now as there's still a chance
-        } else {
-          // abort
-          return undefined
-        }
-      }
-    }
-  }
-  return cur[p] || cur !== obj ? cur : undefined
-}
-
 const getNormalizedDecimal = val => {
   let v = `${val}`
   const cgs = v.match(/^(\d*\.*\d*)e([+|-]*)(\d*)$/)
@@ -88,39 +61,10 @@ const resolveCDSType = ele => {
   return ele
 }
 
-function resolveSegment(prev, obj, def) {
-  if (prev.keys) {
-    let keys = []
-    for (const k of prev.keys) {
-      let val
-      if (k in obj) val = obj[k]
-      else val = getNested(k, obj)
-      if (val == null) {
-        // in some cases, k is not given, e.g., POST into collection via navigation
-        // TODO: what to put in target? "null", "transient", ...?
-        if (k === 'IsActiveEntity')
-          keys.push(`${k}=false`) //> always false if not in obj as it must be a draft activate
-        else keys.push(`${k}=null`)
-      } else {
-        const cdsType = resolveCDSType(def.elements[k])
-        const odataType = def.elements[k]['@odata.Type']
-        if (!odataType && cdsType === 'cds.String' || odataType === 'Edm.String') val = `'${val}'`
-        // TODO: more proper val encoding based on type
-        keys.push(`${k}=${val}`)
-      }
-    }
-    return `${prev.assoc}(${keys.join(',')})`
-  }
-  if (prev.index) {
-    return `${prev.prop}[${prev.index}]`
-  }
-}
 
 module.exports = {
-  getNested,
   getNormalizedDecimal,
   getTarget,
   isBase64String,
-  resolveCDSType,
-  resolveSegment
+  resolveCDSType
 }

package/libx/odata/middleware/batch.js

@@ -553,12 +553,11 @@ const _formatResponseJson = (request, atomicityGroup) => {
  */
 
 module.exports = adapter => {
-  const { options: config, router, service } = adapter
-  const { max_content_length } = config //> max_content_length is unofficial config
-
-  const options = { type: '*/*' }
-  if (max_content_length) options.limit = max_content_length
-  const textBodyParser = express.text(options)
+  const { router, service } = adapter
+  const textBodyParser = express.text({
+    ...adapter.body_parser_options,
+    type: '*/*' // REVISIT: why do we need to override type here?
+  })
 
   return function odata_batch(req, res, next) {
     if (req.headers['content-type'].includes('application/json')) {

package/libx/odata/middleware/body-parser.js

@@ -3,9 +3,8 @@ const express = require('express')
 // basically express.json() with string representation of body stored in req._raw for recovery
 // REVISIT: why do we need our own body parser? Only because of req._raw?
 module.exports = function bodyParser4(adapter, options = {}) {
-  if (!options.type) options.type = 'json'
-  const { max_content_length } = adapter.options //> max_content_length is unofficial config
-  if (!options.limit && max_content_length) options.limit = max_content_length
+  Object.assign(options, adapter.body_parser_options)
+  options.type ??= 'json' // REVISIT: why do we need to override type here?
   const textParser = express.text(options)
   return function http_body_parser(req, res, next) {
     if (typeof req.body === 'object') {

package/libx/odata/middleware/create.js

@@ -85,6 +85,11 @@ module.exports = (adapter, isUpsert) => {
       .catch(err => {
         handleSapMessages(cdsReq, req, res)
 
+        // REVISIT: invoke service.on('error') for failed batch subrequests
+        if (cdsReq.http.req.path.startsWith('/$batch') && service._handlers._error.length) {
+          for (const each of service._handlers._error) each.handler.call(service, err, cdsReq)
+        }
+
         next(err)
       })
   }

package/libx/odata/middleware/delete.js

@@ -62,6 +62,11 @@ module.exports = adapter => {
       .catch(err => {
         handleSapMessages(cdsReq, req, res)
 
+        // REVISIT: invoke service.on('error') for failed batch subrequests
+        if (cdsReq.http.req.path.startsWith('/$batch') && service._handlers._error.length) {
+          for (const each of service._handlers._error) each.handler.call(service, err, cdsReq)
+        }
+
         next(err)
       })
   }

package/libx/odata/middleware/error.js

@@ -7,6 +7,7 @@ const { normalizeError, unwrapMultipleErrors } = require('../../_runtime/common/
 module.exports = () => {
   return function odata_error(err, req, res, next) {
     if (err == 401 || err.code == 401) return next(err) // speed up logins, at least temporary until we reviewed and eliminated overhead that may be involved below
+
     // REVISIT: keep?
     // log the error (4xx -> warn)
     _log(err)